libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
24513 commits 4 branches 5 tags 483 MiB
Commit graph

6525 commits

Author SHA1 Message Date
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150) 
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
 2024-03-26 13:43:41 -04:00
vramik
fa1571f231 Map organization metadata when issuing tokens for OIDC clients acting on behalf of an organization member 
Closes #27993

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-26 14:02:09 -03:00
Pedro Igor
a470711dfb Resolve the user federation link as null when decorating the user profile metadata in the LDAP provider 
Closes #28100

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-26 10:14:49 -03:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
8cbd39083e
Default password hashing algorithm should be set to default password hash provider (#28128) 
Closes #28120

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 12:44:11 +01:00
Stian Thorgersen
3f9cebca39
Ability to set the default provider for an SPI (#28135) 
Closes #28134

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:45:08 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
Reda Bourial
a41d865600 fix for SMTP email sending fails because of tls certificate verification even with tls-hostname-verifier=ANY (#27756) 
Signed-off-by: Reda Bourial <reda.bourial@gmail.com>
 2024-03-21 17:06:42 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833) 
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 16:22:41 +01:00
Steven Hawkins
35b9d8aa49
task: remove usage of resteasy-core-spi (#27387) 
closes: #27242

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-21 15:28:34 +01:00
Giuseppe Graziano
b24d446911 Avoid using wait() to wait for the redirect 
Closes #22644

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-03-21 14:36:43 +01:00
Giuseppe Graziano
939420cea1 Always include offline_access scope when refreshing with offline token 
Closes #27878

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-03-21 14:32:31 +01:00
Pedro Igor
32541f19a3 Allow managing members for an organization 
Closes #27934

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-21 10:26:30 -03:00
Martin Kanis
4154d27941 Invalidating offline token is not working from client sessions tab 
Closes #27275

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-03-21 09:04:58 -03:00
Sebastian Schuster
0542554984 12671 querying by user attribute no longer forces case insensitivity for keys 
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
 2024-03-21 08:35:29 -03:00
Pedro Igor
f970deac37 Do not grant scopes not granted for resources owned the resource server itself 
Closes #25057

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-20 18:36:41 +01:00
Alexander Schwartz
149e50e1b1
Upgrading to Quarkus 3.8.3 (#28085) 
Closes #28084

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-20 17:16:42 +01:00
Takashi Norimatsu
d5bf79b932 Refactoring JavaScript code of WebAuthn's authenticators to follow the current Keycloak's JavaScript coding convention 
closes #26713

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-03-20 13:22:48 +01:00
René Zeidler
83a3500ccf Attributes without a group should appear first 
In the login theme, user profile attributes that
are not assigned to an attribute group should
appear before all other attributes. This aligns
the login theme (registration, verify profile,
etc.) with the account and admin console.

Fixes #27981

Signed-off-by: René Zeidler <rene.zeidler@gmx.de>
 2024-03-19 18:40:01 +01:00
Hynek Mlnařík
9caac3814c
Enable WebAuthn tests for Account v3 (#28029) 
* Re-enable WebAuthn testsuite
* Remove reference to Account 2 in UI testsuites

Fixes: #26080

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>

---------

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2024-03-19 14:26:44 +01:00
Stefan Wiedemann
67d3e1e467
Issue Verifiable Credentials in the VCDM format #25943 (#27071) 
closes #25943


Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-03-18 17:05:53 +01:00
cgeorgilakis-grnet
24f105e8fc successful SAML IdP Logout Request with BaseID or EncryptedID and SessionIndex 
Closes #23528

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2024-03-18 08:19:13 -03:00
Alexander Schwartz
62d24216e3 Remove offline session preloading 
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-15 15:19:27 +01:00
Pedro Igor
7fc2269ba5 The bare minimum implementation for organization 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: vramik <vramik@redhat.com>
 2024-03-15 11:06:43 -03:00
Alexander Schwartz
6de5325d1c Limit the received content when handling the content as a String 
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-13 16:43:03 +01:00
Pedro Igor
9ad447390a Only remove attributes with empty values when updating user profile 
Closes #27797

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-13 15:03:08 +01:00
Réda Housni Alaoui
1bf90321ad
"Allowed Protocol Mapper Types" prevents clients from self-updating via client registration api (#27578) 
closes #27558 

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2024-03-13 14:00:34 +01:00
rmartinc
d679c13040 Continue LDAP search if a duplicated user (ModelDuplicateException) is found 
Closes #25778

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-13 08:52:58 -03:00
rmartinc
43a5779f6e Do not challenge inside spnego authenticator is FORKED_FLOW 
Closes #20637

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-12 14:23:03 +01:00
Pedro Igor
1e48cce3ae Make sure empty configuration resolves to the system default configuration 
Closes #27611

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-11 09:01:38 -03:00
Stefan Wiedemann
6fc69b6a01
Issue Verifiable Credentials in the SD-JWT-VC format (#27207) 
closes #25942

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>


Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-03-11 08:55:28 +01:00
Steve Hawkins
4091baf4c2 fix: accounting for the possibility of null flows from existing realms 
closes: #23980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-03-08 14:25:23 +01:00
Pedro Igor
40385061f7 Make sure refresh token expiration is based on the current time when the token is issued 
Closes #27180

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-07 15:23:19 +01:00
rmartinc
ea4155bbcd Remove recursively when deleting an authentication executor 
Closes #24795

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-07 14:43:23 +01:00
graziang
54b40d31b6 Revoked token cache expiration fix 
Added 1 second to the duration of the cache for revoked tokens to prevent them from still being valid for 1 second after the expiration date of the access token.

Closes #26113

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-07 13:33:37 +01:00
rmartinc
dea15e25da Only add the nonce claim to the ID Token (mapper for backwards compatibility) 
Closes #26893

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-07 09:56:57 +01:00
Pedro Igor
d5a613cd6b Support for script providers when running in embedded mode 
Closes #27574

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-06 18:06:09 -03:00
Theresa Henze
653d09f39a trigger REMOVE_TOTP event on removal of an OTP credential 
Closes #15403

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
 2024-03-06 17:12:50 +01:00
graziang
39299eeb38 Encode role name parameter in the location header uri 
The role is encoded to avoid template resolution by the URIBuilder. This fix avoids the exception when creating roles with names containing {patterns}.

Closes #27514

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-06 15:59:26 +01:00
rmartinc
82af0b6af6 Initial client policies integration for SAML 
Closes #26654

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-06 15:18:35 +01:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role licies 
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-05 15:54:02 +01:00
graziang
4fa940a31e Device verification flow always requires consent 
Force consent for device verification flow when there are no client scopes to approve by adding a default client scope to approve

Closes #26100

Signed-off-by: graziang <g.graziano94@gmail.com>
 2024-03-05 14:14:19 +01:00
Tero Saarni
e06fcbe6ae Change supported criteria for Google Authenticator 
List Google Authenticator as supported when
- hash algorithm is SHA256 or SHA512
- number of digits is 8
- OTP type is hotp

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2024-03-05 11:19:06 +01:00
Tomas Ondrusko
9404b888d1
Update disabled feature status code in social login tests 
Closes #27366

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
 2024-03-05 10:22:51 +01:00
Pavel Drozd
be7775a9be LDAPSyncTest - additional removal of users at the end of the test 
Necessary when running with external AD

Closes #27499

Signed-off-by: Pavel Drozd <pdrozd@redhat.com>
 2024-03-05 09:54:58 +01:00
Pedro Igor
2c750c8ffb Reverting unrelated changes to templates 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-03-04 20:28:06 +09:00
Jon Koops
0894642838 Fix up selector for submit button 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-03-04 20:28:06 +09:00
Lucy Linder
aa6771205a Update ReCAPTCHA and add support for ReCAPTCHA Enterprise 
Closes #16138

Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
 2024-03-04 20:28:06 +09:00
vramik
032bb8e9cc Map Store Removal: Remove obsolete KeycloakModelUtils.isUsernameCaseSensitive method 
Closes #27438

Signed-off-by: vramik <vramik@redhat.com>
 2024-03-02 04:40:46 +09:00
rmartinc
f970803738 Check email and username for duplicated if isLoginWithEmailAllowed 
Closes #27297

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-03-02 00:14:27 +09:00